Vulnerabilities > CVE-2025-20634 - Out-of-bounds Write vulnerability in Mediatek Nr16, Nr17 and Nr17R

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mediatek

CWE-787

critical

NVD

Published: 2025-02-03

Updated: 2025-02-03

Summary

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

Vulnerable Configurations

Part	Description	Count
OS	Mediatek Mediatek Nr16 - Mediatek Nr17 - Mediatek Nr17R -	3
Hardware	Mediatek Mediatek Mt2737 - Mediatek Mt6813 - Mediatek Mt6835 - Mediatek Mt6835T - Mediatek Mt6878 - Mediatek Mt6878M - Mediatek Mt6879 - Mediatek Mt6886 - Mediatek Mt6895 - Mediatek Mt6895Tt - Mediatek Mt6896 - Mediatek Mt6897 - Mediatek Mt6899 - Mediatek Mt6980 - Mediatek Mt6980D - Mediatek Mt6983 - Mediatek Mt6983T - Mediatek Mt6985 - Mediatek Mt6985T - Mediatek Mt6989 - Mediatek Mt6989T - Mediatek Mt6990 - Mediatek Mt6991 - Mediatek Mt8673 - Mediatek Mt8676 - Mediatek Mt8678 - Mediatek Mt8795T - Mediatek Mt8798 - Mediatek Mt8863 -	29

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://corp.mediatek.com/product-security-bulletin/February-2025